OpenSSL Certification Authority (CA) on Ubuntu Server

Hello Rene,

I understood that any created certificate will be signed by the private key of the root certificate. When we use an intermediate CA and the root CA is offline, how will the intermediate CA access the private key of the root CA for signing a newly generated certificate? In this case, will the intermediate use its own root certificate that has been signed by the root CA certificate? But how will this occur?

Second question: should the client have both the CA root certificate and the server certificate locally installed to trust the certificate presented by the web server, for example? Or should it only have the server certificate installed, and when this server certificate is presented, it can ask the CA server whether this certificate is trusted or not?

Thanks in advance.